DD-WRT AP & VLANs

inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Mon Feb 22, 2021 21:41
kernel-panic69 wrote:
I wasn't trying to convolute anything, I was just trying to explain to you that the default vlan configuration is wrong and it should not be. You *should* be able to change to the correct configuration via the webUI, but if that doesn't work as expected, then you need to do it via ssh/telnet with command line. You *should* also be able to use the webUI for vlans 10 and 11, save and except for adding the wireless. That is the only situation where command line would likely need to be employed via startup script. Sorry for frustrating and confusing you.


kernel-panic69 wrote:
I wasn't trying to convolute anything, I was just trying to explain to you that the default vlan configuration is wrong and it should not be.

I didn't mean that you were trying to convolute it. Sorry if it came across that way.

kernel-panic69 wrote:
You *should* be able to change to the correct configuration via the webUI, but if that doesn't work as expected, then you need to do it via ssh/telnet with command line.

Yeah, I thought so too, but when I removed port4 from vlan0 and moved it to vlan10, I lost access to the Web Administration and even the telnet and SSH that I had set up. Just no access to the router admin -- but the switch still worked (except port4 of course, because it was moved to a different vlan).

kernel-panic69 wrote:
You *should* also be able to use the webUI for vlans 10 and 11, save and except for adding the wireless. That is the only situation where command line would likely need to be employed via startup script. Sorry for frustrating and confusing you.

Please don't be sorry. I am just frustrated that it's so difficult. I have literally 28 different tabs open related to DD-WRT and vlans and just going through the forum threads to see if I missed something.

Anyway, after I lost complete admin access, I went ahead and did a 30-30-30 reset. I directly connected my laptop and then, via telnet, did an nvram erase && reboot.

I guess I will set up the device as AP only (as my router is a different pfSense based device) and then go back and try it again. But this is the 3rd time and each time when I remove 1 port from vlan0, I lose complete access.

By the way after the 30-30-30 or the nvram erase, here's the default vlan.ports status for me

Code:

root@DD-WRT:~# nvram show | grep port.*vlans | sort
size: 21869 bytes (10899 left)
port0vlans=1
port1vlans=0
port2vlans=0
port3vlans=0
port4vlans=0
port5vlans=0 1 16

root@DD-WRT:~# nvram show | grep vlan.*ports | sort
size: 21869 bytes (10899 left)
vlan0ports=1 2 3 4 5*
vlan1ports=1 2 3 4 8*
vlan2ports=0 8u

root@DD-WRT:~# nvram show | grep vlan.*hwname | sort
size: 21869 bytes (10899 left)
vlan0hwname=et0
vlan1hwname=et0
vlan2hwname=et0
root@DD-WRT:~#



So I have no clue why I have 3 vlans instead of 2, and I don't know why it indicates 5 & 8 as the CPU port instead of just either one.
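One way to check a dump like the one in the post above before moving any port, as an added example that is not part of the original post: it flags physical ports listed untagged in more than one VLAN (untagged frames arriving on a port can only be assigned to a single VLAN) and VLANs that disagree about the CPU port. The function name and the rule that ports 0-4 are physical jacks while 5 and up are CPU ports are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit "vlanNports=" lines from `nvram show`.
# Assumption: switch ports 0-4 are physical jacks; port numbers 5 and up are CPU ports.
vlan_audit() {
  awk -F= '
    /^vlan[0-9]+ports=/ {
      vid = $1; sub(/^vlan/, "", vid); sub(/ports$/, "", vid)
      n = split($2, tok, " ")
      for (i = 1; i <= n; i++) {
        port = tok[i]; sub(/[^0-9].*$/, "", port)   # drop the t / u / * suffix
        if (port == "") continue
        port += 0
        if (port >= 5) {                            # CPU-side port
          if (!(port in cpu_seen)) { cpu_seen[port] = 1; cpus = cpus " " port }
        } else if (tok[i] !~ /t$/) {                # untagged physical port
          untag[port] = untag[port] " " vid
          cnt[port]++
        }
      }
    }
    END {
      for (p = 0; p < 5; p++)
        if (cnt[p] > 1) { print "CONFLICT port " p " untagged in vlans" untag[p]; bad = 1 }
      if (split(cpus, c, " ") > 1) { print "MIXED_CPU" cpus; bad = 1 }
      if (!bad) print "OK"
      exit bad + 0
    }'
}

# Values copied from the post-reset dump quoted in the post above.
default_dump() {
  cat <<'EOF'
size: 21869 bytes (10899 left)
vlan0ports=1 2 3 4 5*
vlan1ports=1 2 3 4 8*
vlan2ports=0 8u
EOF
}

# On the router itself: nvram show | vlan_audit
default_dump | vlan_audit || echo "dump needs fixing before ports are moved"
```

Run against the dump above, it reports ports 1 to 4 as untagged members of both vlan0 and vlan1 and shows CPU ports 5 and 8 both in use.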
inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Mon Feb 22, 2021 22:21
At this point, I am thinking of whacking vlan0 completely as you mentioned that with 802.11N and newer, I should only have vlan1 and vlan2 which also makes sense with CPU port being 8

Code:

#remove vlan0
# nvram unset takes only the variable name, no =value
nvram unset vlan0ports
nvram unset vlan0hwname

#move port*vlans from 0 to 1 or 1 to 2
nvram set port0vlans="2"
nvram set port1vlans="1"
nvram set port2vlans="1"
nvram set port3vlans="1"
nvram set port4vlans="1"
nvram set port5vlans="1 2 16"

# commit
nvram commit && reboot

Not quite sure if that is safe though because grepping for vlan0 shows a lot of entries in nvram
Code:

vlan0_dns_ipaddr=0.0.0.0
size 21645 bytes (11123 left)
vlan0_mtu]1500
vlan0_dns_redirect=0
vlan0ports=1 2 3 4 5*
vlan0_bridged=1
vlan0_netmask=0.0.0.0
lan_default=vlan0 eth1 eth2 eth3 vlan1
vlan0_multicast=0
lan_ifnames=vlan0 eth1 eth2 eth3 vlan1
vlan0_hwaddr/
vlan0_txq=0
vlan0_isolation=0
probe_blacklist=vlan0 vlan1
vlan0hwname=et0
vlan0_ipaddr=0.0.0.0


However my wan_default is set to vlan1 and wan_ifnames=vlan1
Also my eth0, vlan0 & vlan2 hardware address is the same after a reset !!

And that is why I think that maybe my device is old enough to have vlan0 and vlan1 on them instead of vlan1 and vlan2. Not sure if I should whack vlan0 or vlan2 !!!

Could someone please confirm?


Do you think I need to reflash a new version of ddwrt on this? Can I just upload the new version of ddwrt via the Web GUI?


Last edited by inxsible on Mon Feb 22, 2021 23:42; edited 1 time in total
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Mon Feb 22, 2021 23:37
My best advice when you need VLANs w/ Broadcom devices; use FreshTomato instead. It's supported natively in the GUI and works very well. None of this CLI nonsense. And as it happens, FT supports the WNR3500L, both v1 and v2.
_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14208
Location: Texas, USA

Posted: Tue Feb 23, 2021 0:01
And, if you want, you can check the vlan layout via CLI in FT, and then if you prefer to run DD, then you can always use that information (copied and pasted to a text file) to un-muck things in DD. I was holding out on suggesting FreshTomato until you chimed in, @eibgrad

ADVERTISEMENT: We need more technically-minded folks with programming skills to look at the public svn repo and possibly sort these kinds of things out and submit patches. /shameless plug

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Tue Feb 23, 2021 0:31
kernel-panic69 wrote:
ADVERTISEMENT: We need more technically-minded folks with programming skills to look at the public svn repo and possibly sort these kinds of things out and submit patches. /shameless plug


With VLANs being hardware dependent, and given so many different types of hardware supported by dd-wrt, an almost impossible task. Something like FT has the advantage of supporting only Broadcom, and even then, only a subset of Broadcom. At least there's enough consistency and commonality to make the support of VLANs plausible. Even then, trying to get VLANs (esp. tagging) on FT to work w/ non FT hardware is still a challenge.

kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14208
Location: Texas, USA

Posted: Tue Feb 23, 2021 0:50
The urgency to branch out from Broadcom devices is where a lot of the issues are in DD, IMHO. Not having as many folks involved here with development as there are elsewhere is also the reality of the situation. That is why I was advertising for more developer-types for DD-WRT.

There are a few forks for Tomato for non-Broadcom, but their development is stagnant. Most non-Broadcom firmware is based on OpenWRT or something besides HyperWRT / Tomato. I just wish that all Broadcom devices would've remained under one company's development. CyberTAN, foxconn, and I forget who else has been involved makes things a little tricky. /off-topic

inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Tue Feb 23, 2021 3:25
Thanks @eibgrad & @kernel-panic69. I had used TomatoUSB way back when I bought the router. Then had eventually moved to DD-WRT. I thought the shibby tomato was a dead project.

Is FreshTomato the same or a different fork?


Will read up further on it and see if that helps me out.
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

Posted: Tue Feb 23, 2021 3:35
inxsible wrote:
Thanks @eibgrad & @kernel-panic69. I had used TomatoUSB way back when I bought the router. Then had eventually moved to DD-WRT. I thought the shibby tomato was a dead project.

Is FreshTomato the same or a different fork?


Will read up further on it and see if that helps me out.


FT is a fork of Shibby (which stopped development a few years ago).

Pat_Rich
DD-WRT Novice


Joined: 05 Nov 2020
Posts: 33

Posted: Tue Feb 23, 2021 4:27
Hi

This is my experience with the VLAN. The setup is not finished.
I have pfsense as a router/firewall, a D-Link managed switch, and a D-Link DIR868 as AP.
Main VLAN 1, VLAN 20 for camera, VLAN30 for IOT and Guest (only internet access).
I played with NVRAM and got completely locked out from Admin; even a reset could not fix it. Luckily, I was able to regain control of it and put back the default values of the NVRAM. I tried a different approach using a startup script. With a startup script, I can simply press the reset to erase all the changes and go back to the default values.

The physical connections are as follows:
pfsense to port 1 (trunk) of managed switch
DIR868 to port 4(trunk) of the managed switch

All cameras are ethernet connected. It is just me; I feel an ethernet connection is better for cameras.

On the DIR868 DUAL band
WAN port as SWITCH PORT to port 4 of managed switch.
LAN port 1 and 2 are VLAN20
LAN port 3 and 4 are VLAN1
wifi is VLAN1 (currently)
VAP is VLAN30 (still work in progress)

DDWRT R45711, PORT WAN is 4, PORT CPU is 5 for this model.

The startup script is as follows:

sleep 20
nvram set wl1.1_hwaddr=
nvram commit
stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas; logger "VAP workaround executed";

# Clear VLAN 0 and 2
echo "" > /proc/switch/eth0/vlan/0/ports
echo "" > /proc/switch/eth0/vlan/2/ports

# Configure VLAN 1 with LAN port 2, 3, WAN port 4 (untagged) and CPU port
echo "2 3 4 5*" > /proc/switch/eth0/vlan/1/ports

# Configure VLAN 20 (Cam) with LAN port 0, 1, WAN port 4 (tagged) and CPU port
echo "0 1 4t 5" > /proc/switch/eth0/vlan/20/ports

# Configure VLAN 30 with WAN port 4 (tagged) and CPU port (for VAP bridge)
echo "4t 5" > /proc/switch/eth0/vlan/30/ports

# Setting up VLAN interfaces ...

# We don't need the vlan2 interface now ...
/sbin/ifconfig vlan2 down
/sbin/vconfig rem vlan2

# Setup vlan20 interface
/sbin/vconfig add eth0 20
/sbin/ifconfig vlan20 up
/sbin/ifconfig vlan20 txqueuelen 0

# Setup vlan30 interface
/sbin/vconfig add eth0 30
/sbin/ifconfig vlan30 up
/sbin/ifconfig vlan30 txqueuelen 0

The first part is for VAP to work. The rest is for programming the DDWRT.

At the moment, I am still unable to make VLAN30 apply to the VAP. I tried it on SETUP>NETWORK>Assign to bridge. And I run into problems.

Issue:
1) After a reboot, assign to bridge for VAP will be lost.
2) Bridge assigned, but client unable to obtain IP from the network. But LAN port works as it should be.

I hope someone can provide some insight on the VAP bridge to a VLAN.

If the issue is on the VAP, I would consider splitting the wifi: 2.4 for IoT and 5G for Guest.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12877
Location: Netherlands

Posted: Tue Feb 23, 2021 9:35
Some observations

For Broadcom you can use the nvram method, as described in the switched port wiki

Do not use the WAN port if you do not need the extra port.
It is not part of the switch and is connected internally via the CPU, which is considerably slower and does not work in all cases when using VLANs/tagging.

For connecting a VAP and a VLAN you create a bridge and set the (bridged) VAP and VLAN together on that bridge

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Tue Feb 23, 2021 17:44
Last night I flashed FreshTomato 2021.01 on to the device and here's what I see in the nvram attributes

Code:

root@apnet:/tmp/home/root# nvram show | grep vlan.*ports | sort
vlan0ports=1 2 3 4 5*
vlan1ports=4 3 2 1 8*
vlan2ports=0 8

root@apnet:/tmp/home/root# nvram show | grep vlan.*hwname | sort
vlan0hwname=et0
vlan1hwname=et0
vlan2hwname=et0

root@apnet:/tmp/home/root# nvram show | grep port.*vlans | sort
root@apnet:/tmp/home/root#


Here are my observations as compared to DDWRT

  1. I still have 3 vlans (vlan0, vlan1 and vlan2) just as I did with DDWRT.
  2. vlan1 ports however are reversed (4 3 2 1 8*) instead of (1 2 3 4 8*) but this is actually correct because the port marked 4 is actually port1 internally on my device
  3. There are no settings for port.*vlans at all


So I am back to square one regarding VLANs. Not sure how to set them up or which CPU port to use (5 or 8).
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14208
Location: Texas, USA

Posted: Tue Feb 23, 2021 19:26
Did you do a thorough nvram erase after flashing FT? I find those results to be questionable. Trying to recall exactly where in the UI to do it, but there is an option to wipe the nvram completely and reboot.
inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Tue Feb 23, 2021 20:12
kernel-panic69 wrote:
Did you do a thorough nvram erase after flashing FT? I find those results to be questionable. Trying to recall exactly where in the UI to do it, but there is an option to wipe the nvram completely and reboot.


I did do a hard reset after the flash. When I uploaded the FreshTomato bin file in DD-WRT upgrade page -- I also selected the option to Reset all the settings -- which would have done the nvram erase.

Here's how the vlan looks immediately after the flash.


Since the vlan0 is not bridged to anything, do you think I can just delete it completely via the WebUI? or just maybe let it be and hopefully it won't affect anything.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14208
Location: Texas, USA

Posted: Tue Feb 23, 2021 22:54
There is a place in the FT webUI to do a full nvram erase. Do that, then come back to the table.

Administration -> Configuration
Restore Default: Erase all data in NVRAM (thorough)

inxsible
DD-WRT Novice


Joined: 03 Sep 2020
Posts: 39

Posted: Tue Feb 23, 2021 23:47
kernel-panic69 wrote:
There is a place in the FT webUI to do a full nvram erase. Do that, then come back to the table.

Administration -> Configuration
Restore Default: Erase all data in NVRAM (thorough)


Deleting vlan0 and simultaneously moving port4 to vlan10 was not a good idea. I lost all admin access (web, ssh, telnet) to the device.

So I did a 30-30-30 reset on the device. Then connected my laptop directly. vlan0 was finally gone and I only saw vlan1(LAN) and vlan2(WAN) in the WebUI

I did a telnet to the device and performed nvram erase -- twice for good measure.

Now I have set up the 4 SSIDs and the 3 additional bridges and assigned them to the VLANs.


Now the only thing that remains is: how do I move port4 to vlan10 such that only vlan10 can access it? So it should be an untagged port, correct?